commit 1eea82a92a141416b3f0ee4d52434252cb948b47
author Adam Langley <agl@imperialviolet.org> Mon Oct 17 21:15:16 2022 +0000
committer Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Tue Oct 18 02:43:21 2022 +0000
tree 47963eecc6461c457a322c26f6cc8116b4aac672
parent 14aa0de18f638a92be13597bc1b8a95ca8fcf8a4

Break FIPS tests by zeroing out the entire value.

Previously the code just flipped one bit. But, empirically, modern Clang
will sometimes produce code that doesn't depend on the first 16 bytes of
the data; they are encoded in the instructions instead. Thus zero out
the full value.

(If Clang ever starts embedding complete values into the instruction
stream then we're going to have to do something more complex. Self tests
are a bit funny: the compiler could reasonably optimise them away
completely given that it sees all the inputs. Perhaps the inputs would
have to be moved into a different object file.)

Change-Id: I7bfb18cb7868def67fc791dcc31c5915c7728ac4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54825
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Auto-Submit: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

util/fipstools/break-kat.go

diff --git a/util/fipstools/break-kat.go b/util/fipstools/break-kat.go
index b500545..621791d 100644
--- a/util/fipstools/break-kat.go
+++ b/util/fipstools/break-kat.go
@@ -75,7 +75,17 @@
 		os.Exit(3)
 	}
 
-	binaryContents[i] ^= 1
+	// Zero out the entire value because the compiler may produce code
+	// where parts of the value are embedded in the instructions.
+	for j := range testInputValue {
+		binaryContents[i+j] = 0
+	}
+
+	if bytes.Index(binaryContents, testInputValue) >= 0 {
+		fmt.Fprintln(os.Stderr, "Test input value was still found after erasing it. Second copy?")
+		os.Exit(4)
+	}
+
 	os.Stdout.Write(binaryContents)
 }